OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
RE: Password audits

From: Paul Melson (pmelsongmail.com)
Date: Wed Oct 25 2006 - 08:43:26 CDT


-----Original Message-----
Subject: Password audits

> I know there are many ways to get a pw dump from a DC but my question is
this.
> What is the safest way to get that, so that you dont risk having a DC need
to reboot or have to install > software on the DC?

How about restoring the DC to another machine/vm (off the production
network, of course) and doing the analysis on the clone? That way you can
use whatever tool(s) you want and even take the machine offline and boot
from other media if you need.

PaulM

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------